New to the forums and to ASG. Thanks in advance for your help!
I have a vendor that requires NAT to public IP on our L2L IPSEC VPN as they terminate hundreds of VPNs and REQUIRE this to prevent RFC1918 IP overlaps.
My requirement is below with IPs changed for privacy, but the concept should still apply. I was quite familiar with how to handle this on my pix515e, but have struggled for a week on the ASG425... and am now wondering if this is even possible on this platform.
ASG425 running 8.3
ASG wan IP: 10.10.10.15/32
ASG lan IP: 192.168.1.240/32
my side of VPN:
my internal host 192.168.1.25/32 ---> 1:1 NATs to 10.10.10.20 (public IP not my ASG's wan interface) to connect IPSEC VPN from my ASG (10.10.10.15/32)
vendor's side:
my vendor's VPN peer (Cisco ASA = 20.20.20.33/32) presents me with their host server to connect to, also a NAT'd host from their side (20.20.20.38/32)
Can the ASG handle this? On my pix 515e this was a simple static 1:1 NAT or static policy NAT if that was your preference, and then reference the NAT'd IP address as my "local" network of the VPN build. On the PIX the NAT is applied/processed before the packet is inspected on the WAN interface for requirements of IPSEC encryption.
I've tried various iterations of SNAT/DNAT and creating 'additional' addresses on the interface setup screen, with no success.
Can someone provide a high level of what needs to be created on the ASG? Thanks again for any help you can provide.